Katie Arrington’s lawsuit against the US Dept. of Defense has been dismissed with prejudice, according the most recent court docket filings, disallowing her from raising the case again in the future. The dismissal order indicates the parties have entered into a settlement agreement, but that agreement was not entered into court, leaving the court without jurisdiction to enforce its terms.
Arrington had sued the Federal government over the suspension of her security clearance, which led her to be put on paid leave from her role as CISO at the Office of the Undersecretary of Defense for Acquisitions and Sustainment.
Arrington’s original filing leaned into multiple conspiracy theories, suggesting her clearance was due to Biden administration officials wanting to sideline her, and that the National Security Agency (NSA) had been opposed to her CMMC program. Her attorney, Mark Zaid, provided no evidence to support these claims in his filing.
For the past few months, the parties filed multiple joint extensions, indicating some agreement was coming. As of January 31, the case was fully dismissed.
The fact that the settlement agreement was kept out of court allows both parties to claim victory. While the Federal government has not commented, Arrington’s lawyer has quickly postured that the result was a win for his client. According to Federal News Network, “Zaid said the information the government has turned over so far ‘clearly demonstrates’ there was no security violation in the first place.” Because the information was not produced in court, there is no way to verify the truth in these claims.
What does appear to be true is that Arrington did not get the majority of the outcomes she was seeking. Arrington was demanding that the Court order the government to “complete any actions related to the Plaintiff,” “provide the Plaintiff with appropriate procedural and substantive due process,” perform a “name-clearing hearing,” issue a Court order declaring that Zaid “has a ‘need-to-know’ any relevant information concerning these actions,” and “award [Arrington] reasonable costs and attorney’s fees.” None of those were specifically granted by the court.
Instead, the clearance investigation process appears to have gone on as expected, and as provided for in the DoD Manual 5200 which defines such actions. Zaid appears to have won some background information into the case, which he says will allow him to mount an appeal for her suspension. That suspension remains in effect.
Arrington had originally claimed she was denied due process and filed a lawsuit only five months after her suspension; the DoD Manual, however, has no time limit on such investigations, and only begins tracking them after six months. Arrington then filed an amended complaint, shifting her argument.
That Arrington voluntarily agreed to have the case dismissed “with prejudice,” meaning she is barred from refiling any suits on the same matter in the future, suggests her hand was not as strong as presented by her attorney.
Arrington’s suspension maintains in effect, and it is not clear that she has job to go back to even if her clearance is restored. The CMMC program has shifted to fall under another department, and her CISO role was nearly entirely linked to CMMC administration. She is widely expected to resign and resume political campaigns in South Carolina for the Republican party.
Arrington still faces ethics probes, a whistleblower reprisal complaint, and at least one Freedom of Information Act demand related to her hiring at DoD.
The CMMC program developed by Arrington has been entirely re-written, now branded “CMMC 2.0,” and contains nearly none of her original plans. Arrington had falsely claimed to the US defense industry that certifications to CMMC would be underway by September of 2020, allowing the CMMC Accreditation Body — led by her former boss Ty Schieber of Dispersive Technologies — to reap millions of dollars in revenue from the ensuing industry panic. As of February 2022, not a single CMMC certification has been issued, and the DoD is now shifting to again allow companies to self-attest.